by beaconstudios 1631 days ago
Really? I've not written much shellcode at all, but what I did write wasn't generically-compiled C++ - it was always either C or ASM, specifically because you get to avoid all the platform- and position-dependent stuff (except in return-to-libc payloads).

You can definitely use C++, but you need to use specific compiler flags and avoid things like the STL or exceptions. Strings need to be created on the stack, a few other tricks. Then you can extract the .text section assembly of the resulting binary and inject and run it.
That makes sense, but then a C++ without exceptions, without vtables, without the STL - might as well be C, right? There's not much going on there beyond syntax sugar!
It still has stronger type safety; that is why C89 is mostly C++ compatible, but not all of it is.

Then you also get namespaces, modules, compile-time execution, and type-safe macros (aka templates).

It is a bit more than syntax sugar.

You want to use C anyhow, as you want to make sure you have control over the code that is output.

For example, with the following code you know what the assembly is going to be.

int strcmp(const char* a, const char* b);

strcmp(str1,str2);

If you do the above as a template you can run into some weird issues that you may not be expecting. So, while tedious, you would need to make your own wscmp. You also have to be very careful so that you don't pull in ANY libraries, since your code needs to be 100% independent and do the loading itself.
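The kind of library-free compare the comment above describes, as an added example that is not from the thread: plain C functions with no headers, so a freestanding build (the usual flags are -ffreestanding -nostdlib) has nothing to link against. The names sc_strcmp, sc_wcscmp and sc_demo are hypothetical, and wide strings are assumed to be 16-bit units as on Windows.

```c
/* Added example, not code from the thread. A narrow and a wide string
 * compare written as ordinary C functions: no headers, no libc calls, so
 * the resulting .text has no external dependency. Names are hypothetical. */

/* Compare as unsigned char, as the C standard specifies for strcmp, so
 * bytes above 0x7f order correctly. Returns <0, 0 or >0. */
int sc_strcmp(const char *a, const char *b)
{
    const unsigned char *ua = (const unsigned char *)a;
    const unsigned char *ub = (const unsigned char *)b;
    while (*ua != 0 && *ua == *ub) {
        ua++;
        ub++;
    }
    return (int)*ua - (int)*ub;
}

/* Wide variant over 16-bit units (assumption: Windows-style wchar_t),
 * typed as unsigned short so no header is needed for the definition. */
int sc_wcscmp(const unsigned short *a, const unsigned short *b)
{
    while (*a != 0 && *a == *b) {
        a++;
        b++;
    }
    return (int)*a - (int)*b;
}

/* Constructed sample input. The strings are built as stack arrays rather
 * than literals: a literal lives in .rodata, which is lost when only the
 * .text section is extracted. For large arrays the compiler may still emit
 * a memcpy call, so an `nm -u` on the object should show no undefined
 * symbols before the code is considered self-contained. */
int sc_demo(void)
{
    char s1[] = {'a', 'l', 'p', 'h', 'a', 0};
    char s2[] = {'a', 'l', 'p', 'i', 'n', 'e', 0};
    unsigned short w1[] = {'a', 'b', 'c', 0};
    unsigned short w2[] = {'a', 'b', 'c', 0};
    /* 'h' < 'i', so the narrow compare is negative; wide strings are equal */
    return (sc_strcmp(s1, s2) < 0) && (sc_wcscmp(w1, w2) == 0);
}
```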

C++ exceptions are implemented at the OS level in Windows. C++ exceptions use SEH, while there's also VEH and unhandled exceptions. You can easily use SEH for your shellcode, it's just not documented well. But sadly you have to manually set this up by having something like

SetExceptionHandler(curAddr, Handler) // Where curAddr can be found by doing something like call $+5 so you remain position independent.

Yeah, it's not super helpful. Maybe a bit smaller code, stricter type checking, a little faster compilation time possibly. But not really a huge benefit over C. Sure beats writing it all in hand-coded assembly though!